Documentation
¶
Overview ¶
syscallfilter runs a command with a possibly empty set of filters:
Synopsis: syscallfilter [event]* [--] command [arguments]
Description:
The command name at least is mandatory. If no filters are specified, then the command runs as normal. Filters can be used to manage events. Events are specified as triples: eventRE,action,value The event is a regular expression, matching a system call name, at entry or exit, e.g. E.*read.* will match all variants of read at entry; or an strace event, e.g. NewChild will match strace events concerning new process creation. For more details, see the syscallfilter package.
Should we wish to bar date from getting the time of day, for example: syscallfilter E.*time.*,error,-1
And the result is: ./syscallfilter E.*timeof.*,error,-1 -- date 2022/01/13 11:50:47 Filtering ["date"]: -1
You can deny echo from fulfilling its destiny: syscallfilter E.*write.*,error,-1 -- echo hi 2022/01/13 11:52:03 Filtering ["echo" "hi"]: -1
You can enforce limits on population growth: syscallfilter NewChild,error,-1 -- bash -c date 2022/01/13 11:53:21 Filtering ["bash" "-c" "date"]: -1
Note that the syscallfilter command can not currently tell if the error was a real error or filtered error. There is a case to be made that it should not be possible to tell, so, for now, we do not make it possible to distinguish real errors and fake errors.
Source Files